Fortinet white logo
Fortinet white logo

CLI Reference

config wireless-controller wtp

config wireless-controller wtp

Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate.

config wireless-controller wtp
    Description: Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate.
    edit <wtp-id>
        set admin [discovered|disable|...]
        set allowaccess {option1}, {option2}, ...
        set apcfg-profile {string}
        set ble-major-id {integer}
        set ble-minor-id {integer}
        set bonjour-profile {string}
        set coordinate-latitude {string}
        set coordinate-longitude {string}
        set firmware-provision {string}
        set firmware-provision-latest [disable|once]
        set image-download [enable|disable]
        set index {integer}
        set ip-fragment-preventing {option1}, {option2}, ...
        config lan
            Description: WTP LAN port mapping.
            set port-esl-mode [offline|nat-to-wan|...]
            set port-esl-ssid {string}
            set port-mode [offline|nat-to-wan|...]
            set port-ssid {string}
            set port1-mode [offline|nat-to-wan|...]
            set port1-ssid {string}
            set port2-mode [offline|nat-to-wan|...]
            set port2-ssid {string}
            set port3-mode [offline|nat-to-wan|...]
            set port3-ssid {string}
            set port4-mode [offline|nat-to-wan|...]
            set port4-ssid {string}
            set port5-mode [offline|nat-to-wan|...]
            set port5-ssid {string}
            set port6-mode [offline|nat-to-wan|...]
            set port6-ssid {string}
            set port7-mode [offline|nat-to-wan|...]
            set port7-ssid {string}
            set port8-mode [offline|nat-to-wan|...]
            set port8-ssid {string}
        end
        set led-state [enable|disable]
        set location {string}
        set login-passwd {password}
        set login-passwd-change [yes|default|...]
        set mesh-bridge-enable [default|enable|...]
        set name {string}
        set override-allowaccess [enable|disable]
        set override-ip-fragment [enable|disable]
        set override-lan [enable|disable]
        set override-led-state [enable|disable]
        set override-login-passwd-change [enable|disable]
        set override-split-tunnel [enable|disable]
        set override-wan-port-mode [enable|disable]
        set purdue-level [1|1.5|...]
        config radio-1
            Description: Configuration options for radio 1.
            set auto-power-high {integer}
            set auto-power-level [enable|disable]
            set auto-power-low {integer}
            set auto-power-target {string}
            set band {option1}, {option2}, ...
            set channel <chan1>, <chan2>, ...
            set drma-manual-mode [ap|monitor|...]
            set override-band [enable|disable]
            set override-channel [enable|disable]
            set override-txpower [enable|disable]
            set override-vaps [enable|disable]
            set power-level {integer}
            set power-mode [dBm|percentage]
            set power-value {integer}
            set vap-all [tunnel|bridge|...]
            set vaps <name1>, <name2>, ...
        end
        config radio-2
            Description: Configuration options for radio 2.
            set auto-power-high {integer}
            set auto-power-level [enable|disable]
            set auto-power-low {integer}
            set auto-power-target {string}
            set band {option1}, {option2}, ...
            set channel <chan1>, <chan2>, ...
            set drma-manual-mode [ap|monitor|...]
            set override-band [enable|disable]
            set override-channel [enable|disable]
            set override-txpower [enable|disable]
            set override-vaps [enable|disable]
            set power-level {integer}
            set power-mode [dBm|percentage]
            set power-value {integer}
            set vap-all [tunnel|bridge|...]
            set vaps <name1>, <name2>, ...
        end
        config radio-3
            Description: Configuration options for radio 3.
            set auto-power-high {integer}
            set auto-power-level [enable|disable]
            set auto-power-low {integer}
            set auto-power-target {string}
            set band {option1}, {option2}, ...
            set channel <chan1>, <chan2>, ...
            set drma-manual-mode [ap|monitor|...]
            set override-band [enable|disable]
            set override-channel [enable|disable]
            set override-txpower [enable|disable]
            set override-vaps [enable|disable]
            set power-level {integer}
            set power-mode [dBm|percentage]
            set power-value {integer}
            set vap-all [tunnel|bridge|...]
            set vaps <name1>, <name2>, ...
        end
        config radio-4
            Description: Configuration options for radio 4.
            set auto-power-high {integer}
            set auto-power-level [enable|disable]
            set auto-power-low {integer}
            set auto-power-target {string}
            set band {option1}, {option2}, ...
            set channel <chan1>, <chan2>, ...
            set drma-manual-mode [ap|monitor|...]
            set override-band [enable|disable]
            set override-channel [enable|disable]
            set override-txpower [enable|disable]
            set override-vaps [enable|disable]
            set power-level {integer}
            set power-mode [dBm|percentage]
            set power-value {integer}
            set vap-all [tunnel|bridge|...]
            set vaps <name1>, <name2>, ...
        end
        set region {string}
        set region-x {string}
        set region-y {string}
        config split-tunneling-acl
            Description: Split tunneling ACL filter list.
            edit <id>
                set dest-ip {ipv4-classnet}
            next
        end
        set split-tunneling-acl-local-ap-subnet [enable|disable]
        set split-tunneling-acl-path [tunnel|local]
        set tun-mtu-downlink {integer}
        set tun-mtu-uplink {integer}
        set uuid {uuid}
        set wan-port-mode [wan-lan|wan-only]
        set wtp-profile {string}
    next
end

config wireless-controller wtp

Parameter

Description

Type

Size

Default

admin

Configure how the FortiGate operating as a wireless controller discovers and manages this WTP, AP or FortiAP.

option

-

enable

Option

Description

discovered

FortiGate wireless controller discovers the WTP, AP, or FortiAP though discovery or join request messages.

disable

FortiGate wireless controller is configured to not provide service to this WTP.

enable

FortiGate wireless controller is configured to provide service to this WTP.

allowaccess

Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space.

option

-

Option

Description

https

HTTPS access.

ssh

SSH access.

snmp

SNMP access.

apcfg-profile

AP local configuration profile name.

string

Maximum length: 35

ble-major-id

Override BLE Major ID.

integer

Minimum value: 0 Maximum value: 65535

0

ble-minor-id

Override BLE Minor ID.

integer

Minimum value: 0 Maximum value: 65535

0

bonjour-profile

Bonjour profile name.

string

Maximum length: 35

coordinate-latitude

WTP latitude coordinate.

string

Maximum length: 19

coordinate-longitude

WTP longitude coordinate.

string

Maximum length: 19

firmware-provision

Firmware version to provision to this FortiAP on bootup (major.minor.build, i.e. 6.2.1234).

string

Maximum length: 35

firmware-provision-latest

Enable/disable one-time automatic provisioning of the latest firmware version.

option

-

disable

Option

Description

disable

Do not automatically provision the latest available firmware.

once

Automatically attempt a one-time upgrade to the latest available firmware version.

image-download

Enable/disable WTP image download.

option

-

enable

Option

Description

enable

Enable WTP image download at join time.

disable

Disable WTP image download at join time.

index

Index. Read-only.

integer

Minimum value: 0 Maximum value: 4294967295

0

ip-fragment-preventing

Method.

option

-

tcp-mss-adjust

Option

Description

tcp-mss-adjust

TCP maximum segment size adjustment.

icmp-unreachable

Drop packet and send ICMP Destination Unreachable

led-state

Enable to allow the FortiAPs LEDs to light. Disable to keep the LEDs off. You may want to keep the LEDs off so they are not distracting in low light areas etc.

option

-

enable

Option

Description

enable

Allow the LEDs on this FortiAP to light.

disable

Keep the LEDs on this FortiAP off.

location

Field for describing the physical location of the WTP, AP or FortiAP.

string

Maximum length: 35

login-passwd

Set the managed WTP, FortiAP, or AP's administrator password.

password

Not Specified

login-passwd-change

Change or reset the administrator password of a managed WTP, FortiAP or AP.

option

-

no

Option

Description

yes

Change the managed WTP, FortiAP or AP's administrator password. Use the login-password option to set the password.

default

Keep the managed WTP, FortiAP or AP's administrator password set to the factory default.

no

Do not change the managed WTP, FortiAP or AP's administrator password.

mesh-bridge-enable

Enable/disable mesh Ethernet bridge when WTP is configured as a mesh branch/leaf AP.

option

-

default

Option

Description

default

Use mesh Ethernet bridge local setting on the WTP.

enable

Turn on mesh Ethernet bridge on the WTP.

disable

Turn off mesh Ethernet bridge on the WTP.

name

WTP, AP or FortiAP configuration name.

string

Maximum length: 35

override-allowaccess

Enable to override the WTP profile management access configuration.

option

-

disable

Option

Description

enable

Override the WTP profile management access configuration.

disable

Use the WTP profile management access configuration.

override-ip-fragment

Enable/disable overriding the WTP profile IP fragment prevention setting.

option

-

disable

Option

Description

enable

Override the WTP profile IP fragment prevention setting.

disable

Use the WTP profile IP fragment prevention setting.

override-lan

Enable to override the WTP profile LAN port setting.

option

-

disable

Option

Description

enable

Override the WTP profile LAN port setting.

disable

Use the WTP profile LAN port setting.

override-led-state

Enable to override the profile LED state setting for this FortiAP. You must enable this option to use the led-state command to turn off the FortiAP's LEDs.

option

-

disable

Option

Description

enable

Override the WTP profile LED state.

disable

Use the WTP profile LED state.

override-login-passwd-change

Enable to override the WTP profile login-password (administrator password) setting.

option

-

disable

Option

Description

enable

Override the WTP profile login-password (administrator password) setting.

disable

Use the the WTP profile login-password (administrator password) setting.

override-split-tunnel

Enable/disable overriding the WTP profile split tunneling setting.

option

-

disable

Option

Description

enable

Override the WTP profile split tunneling setting.

disable

Use the WTP profile split tunneling setting.

override-wan-port-mode

Enable/disable overriding the wan-port-mode in the WTP profile.

option

-

disable

Option

Description

enable

Override the WTP profile wan-port-mode.

disable

Use the wan-port-mode in the WTP profile.

purdue-level

Purdue Level of this WTP.

option

-

3

Option

Description

1

Level 1 - Basic Control

1.5

Level 1.5

2

Level 2 - Area Supervisory Control

2.5

Level 2.5

3

Level 3 - Operations & Control

3.5

Level 3.5

4

Level 4 - Business Planning & Logistics

5

Level 5 - Enterprise Network

5.5

Level 5.5

region

Region name WTP is associated with.

string

Maximum length: 35

region-x

Relative horizontal region coordinate (between 0 and 1).

string

Maximum length: 15

0

region-y

Relative vertical region coordinate (between 0 and 1).

string

Maximum length: 15

0

split-tunneling-acl-local-ap-subnet

Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

option

-

disable

Option

Description

enable

Enable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

disable

Disable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

split-tunneling-acl-path

Split tunneling ACL path is local/tunnel.

option

-

local

Option

Description

tunnel

Split tunneling ACL list traffic will be tunnel.

local

Split tunneling ACL list traffic will be local NATed.

tun-mtu-downlink

The MTU of downlink CAPWAP tunnel.

integer

Minimum value: 576 Maximum value: 1500

0

tun-mtu-uplink

The maximum transmission unit.

integer

Minimum value: 576 Maximum value: 1500

0

uuid

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

uuid

Not Specified

00000000-0000-0000-0000-000000000000

wan-port-mode

Enable/disable using the FortiAP WAN port as a LAN port.

option

-

wan-only

Option

Description

wan-lan

Use the FortiAP WAN port as a LAN port.

wan-only

Do not use the WAN port as a LAN port.

wtp-id

WTP ID.

string

Maximum length: 35

wtp-profile

WTP profile name to apply to this WTP, AP or FortiAP.

string

Maximum length: 35

config lan

Parameter

Description

Type

Size

Default

port-esl-mode

ESL port mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP ESL port to WTP WAN port.

bridge-to-wan

Bridge WTP ESL port to WTP WAN port.

bridge-to-ssid

Bridge WTP ESL port to SSID.

port-esl-ssid

Bridge ESL port to SSID.

string

Maximum length: 15

port-mode

LAN port mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port-ssid

Bridge LAN port to SSID.

string

Maximum length: 15

port1-mode

LAN port 1 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port1-ssid

Bridge LAN port 1 to SSID.

string

Maximum length: 15

port2-mode

LAN port 2 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port2-ssid

Bridge LAN port 2 to SSID.

string

Maximum length: 15

port3-mode

LAN port 3 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port3-ssid

Bridge LAN port 3 to SSID.

string

Maximum length: 15

port4-mode

LAN port 4 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port4-ssid

Bridge LAN port 4 to SSID.

string

Maximum length: 15

port5-mode

LAN port 5 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port5-ssid

Bridge LAN port 5 to SSID.

string

Maximum length: 15

port6-mode

LAN port 6 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port6-ssid

Bridge LAN port 6 to SSID.

string

Maximum length: 15

port7-mode

LAN port 7 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port7-ssid

Bridge LAN port 7 to SSID.

string

Maximum length: 15

port8-mode

LAN port 8 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port8-ssid

Bridge LAN port 8 to SSID.

string

Maximum length: 15

config radio-1

Parameter

Description

Type

Size

Default

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

17

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference.

option

-

disable

Option

Description

enable

Enable automatic transmit power adjustment.

disable

Disable automatic transmit power adjustment.

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

10

auto-power-target

Target of automatic transmit power adjustment in dBm.

string

Maximum length: 7

-70

band

WiFi band that Radio 1 operates on.

option

-

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g.

802.11n-2G

802.11n (WiFi 4) at 2.4GHz.

802.11n-5G

802.11n (WiFi 4) at 5GHz.

802.11ac-2G

802.11ac (WiFi 5) at 2.4GHz.

802.11ac-5G

802.11ac (WiFi 5) at 5GHz.

802.11ax-2G

802.11ax (WiFi 6) at 2.4GHz.

802.11ax-5G

802.11ax (WiFi 6) at 5GHz.

802.11ax-6G

802.11ax (WiFi 6) at 6GHz.

802.11be-2G

802.11be (WiFi 7) at 2.4GHz.

802.11be-5G

802.11be (WiFi 7) at 5GHz.

802.11be-6G

802.11be (WiFi 7) at 6GHz.

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

drma-manual-mode

Radio mode to be used for DRMA manual mode.

option

-

ncf

Option

Description

ap

Set the radio to AP mode.

monitor

Set the radio to monitor mode

ncf

Select and set the radio mode based on NCF score.

ncf-peek

Select the radio mode based on NCF score, but do not apply.

override-band

Enable to override the WTP profile band setting.

option

-

disable

Option

Description

enable

Override the WTP profile band setting.

disable

Use the WTP profile band setting.

override-channel

Enable to override WTP profile channel settings.

option

-

disable

Option

Description

enable

Override WTP profile channel settings.

disable

Use WTP profile channel settings.

override-txpower

Enable to override the WTP profile power level configuration.

option

-

disable

Option

Description

enable

Override the WTP profile power level configuration.

disable

Use the WTP profile power level configuration.

override-vaps

Enable to override WTP profile Virtual Access Point (VAP) settings.

option

-

disable

Option

Description

enable

Override WTP profile VAP settings.

disable

Use WTP profile VAP settings.

power-level

Radio EIRP power level as a percentage of the maximum EIRP power.

integer

Minimum value: 0 Maximum value: 100

100

power-mode

Set radio effective isotropic radiated power. This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities.

option

-

percentage

Option

Description

dBm

Set radio EIRP power in dBm.

percentage

Set radio EIRP power by percentage.

power-value

Radio EIRP power in dBm.

integer

Minimum value: 1 Maximum value: 33

27

vap-all

Configure method for assigning SSIDs to this FortiAP.

option

-

tunnel

Option

Description

tunnel

Automatically select tunnel SSIDs.

bridge

Automatically select local-bridging SSIDs.

manual

Manually select SSIDs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

config radio-2

Parameter

Description

Type

Size

Default

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

17

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference.

option

-

disable

Option

Description

enable

Enable automatic transmit power adjustment.

disable

Disable automatic transmit power adjustment.

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

10

auto-power-target

Target of automatic transmit power adjustment in dBm.

string

Maximum length: 7

-70

band

WiFi band that Radio 2 operates on.

option

-

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g.

802.11n-2G

802.11n (WiFi 4) at 2.4GHz.

802.11n-5G

802.11n (WiFi 4) at 5GHz.

802.11ac-2G

802.11ac (WiFi 5) at 2.4GHz.

802.11ac-5G

802.11ac (WiFi 5) at 5GHz.

802.11ax-2G

802.11ax (WiFi 6) at 2.4GHz.

802.11ax-5G

802.11ax (WiFi 6) at 5GHz.

802.11ax-6G

802.11ax (WiFi 6) at 6GHz.

802.11be-2G

802.11be (WiFi 7) at 2.4GHz.

802.11be-5G

802.11be (WiFi 7) at 5GHz.

802.11be-6G

802.11be (WiFi 7) at 6GHz.

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

drma-manual-mode

Radio mode to be used for DRMA manual mode.

option

-

ncf

Option

Description

ap

Set the radio to AP mode.

monitor

Set the radio to monitor mode

ncf

Select and set the radio mode based on NCF score.

ncf-peek

Select the radio mode based on NCF score, but do not apply.

override-band

Enable to override the WTP profile band setting.

option

-

disable

Option

Description

enable

Override the WTP profile band setting.

disable

Use the WTP profile band setting.

override-channel

Enable to override WTP profile channel settings.

option

-

disable

Option

Description

enable

Override WTP profile channel settings.

disable

Use WTP profile channel settings.

override-txpower

Enable to override the WTP profile power level configuration.

option

-

disable

Option

Description

enable

Override the WTP profile power level configuration.

disable

Use the WTP profile power level configuration.

override-vaps

Enable to override WTP profile Virtual Access Point (VAP) settings.

option

-

disable

Option

Description

enable

Override WTP profile VAP settings.

disable

Use WTP profile VAP settings.

power-level

Radio EIRP power level as a percentage of the maximum EIRP power.

integer

Minimum value: 0 Maximum value: 100

100

power-mode

Set radio effective isotropic radiated power. This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities.

option

-

percentage

Option

Description

dBm

Set radio EIRP power in dBm.

percentage

Set radio EIRP power by percentage.

power-value

Radio EIRP power in dBm.

integer

Minimum value: 1 Maximum value: 33

27

vap-all

Configure method for assigning SSIDs to this FortiAP.

option

-

tunnel

Option

Description

tunnel

Automatically select tunnel SSIDs.

bridge

Automatically select local-bridging SSIDs.

manual

Manually select SSIDs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

config radio-3

Parameter

Description

Type

Size

Default

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

17

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference.

option

-

disable

Option

Description

enable

Enable automatic transmit power adjustment.

disable

Disable automatic transmit power adjustment.

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

10

auto-power-target

Target of automatic transmit power adjustment in dBm.

string

Maximum length: 7

-70

band

WiFi band that Radio 3 operates on.

option

-

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g.

802.11n-2G

802.11n (WiFi 4) at 2.4GHz.

802.11n-5G

802.11n (WiFi 4) at 5GHz.

802.11ac-2G

802.11ac (WiFi 5) at 2.4GHz.

802.11ac-5G

802.11ac (WiFi 5) at 5GHz.

802.11ax-2G

802.11ax (WiFi 6) at 2.4GHz.

802.11ax-5G

802.11ax (WiFi 6) at 5GHz.

802.11ax-6G

802.11ax (WiFi 6) at 6GHz.

802.11be-2G

802.11be (WiFi 7) at 2.4GHz.

802.11be-5G

802.11be (WiFi 7) at 5GHz.

802.11be-6G

802.11be (WiFi 7) at 6GHz.

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

drma-manual-mode

Radio mode to be used for DRMA manual mode.

option

-

ncf

Option

Description

ap

Set the radio to AP mode.

monitor

Set the radio to monitor mode

ncf

Select and set the radio mode based on NCF score.

ncf-peek

Select the radio mode based on NCF score, but do not apply.

override-band

Enable to override the WTP profile band setting.

option

-

disable

Option

Description

enable

Override the WTP profile band setting.

disable

Use the WTP profile band setting.

override-channel

Enable to override WTP profile channel settings.

option

-

disable

Option

Description

enable

Override WTP profile channel settings.

disable

Use WTP profile channel settings.

override-txpower

Enable to override the WTP profile power level configuration.

option

-

disable

Option

Description

enable

Override the WTP profile power level configuration.

disable

Use the WTP profile power level configuration.

override-vaps

Enable to override WTP profile Virtual Access Point (VAP) settings.

option

-

disable

Option

Description

enable

Override WTP profile VAP settings.

disable

Use WTP profile VAP settings.

power-level

Radio EIRP power level as a percentage of the maximum EIRP power.

integer

Minimum value: 0 Maximum value: 100

100

power-mode

Set radio effective isotropic radiated power. This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities.

option

-

percentage

Option

Description

dBm

Set radio EIRP power in dBm.

percentage

Set radio EIRP power by percentage.

power-value

Radio EIRP power in dBm.

integer

Minimum value: 1 Maximum value: 33

27

vap-all

Configure method for assigning SSIDs to this FortiAP.

option

-

tunnel

Option

Description

tunnel

Automatically select tunnel SSIDs.

bridge

Automatically select local-bridging SSIDs.

manual

Manually select SSIDs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

config radio-4

Parameter

Description

Type

Size

Default

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

17

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference.

option

-

disable

Option

Description

enable

Enable automatic transmit power adjustment.

disable

Disable automatic transmit power adjustment.

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

10

auto-power-target

Target of automatic transmit power adjustment in dBm.

string

Maximum length: 7

-70

band

WiFi band that Radio 4 operates on.

option

-

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g.

802.11n-2G

802.11n (WiFi 4) at 2.4GHz.

802.11n-5G

802.11n (WiFi 4) at 5GHz.

802.11ac-2G

802.11ac (WiFi 5) at 2.4GHz.

802.11ac-5G

802.11ac (WiFi 5) at 5GHz.

802.11ax-2G

802.11ax (WiFi 6) at 2.4GHz.

802.11ax-5G

802.11ax (WiFi 6) at 5GHz.

802.11ax-6G

802.11ax (WiFi 6) at 6GHz.

802.11be-2G

802.11be (WiFi 7) at 2.4GHz.

802.11be-5G

802.11be (WiFi 7) at 5GHz.

802.11be-6G

802.11be (WiFi 7) at 6GHz.

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

drma-manual-mode

Radio mode to be used for DRMA manual mode.

option

-

ncf

Option

Description

ap

Set the radio to AP mode.

monitor

Set the radio to monitor mode

ncf

Select and set the radio mode based on NCF score.

ncf-peek

Select the radio mode based on NCF score, but do not apply.

override-band

Enable to override the WTP profile band setting.

option

-

disable

Option

Description

enable

Override the WTP profile band setting.

disable

Use the WTP profile band setting.

override-channel

Enable to override WTP profile channel settings.

option

-

disable

Option

Description

enable

Override WTP profile channel settings.

disable

Use WTP profile channel settings.

override-txpower

Enable to override the WTP profile power level configuration.

option

-

disable

Option

Description

enable

Override the WTP profile power level configuration.

disable

Use the WTP profile power level configuration.

override-vaps

Enable to override WTP profile Virtual Access Point (VAP) settings.

option

-

disable

Option

Description

enable

Override WTP profile VAP settings.

disable

Use WTP profile VAP settings.

power-level

Radio EIRP power level as a percentage of the maximum EIRP power.

integer

Minimum value: 0 Maximum value: 100

100

power-mode

Set radio effective isotropic radiated power. This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities.

option

-

percentage

Option

Description

dBm

Set radio EIRP power in dBm.

percentage

Set radio EIRP power by percentage.

power-value

Radio EIRP power in dBm.

integer

Minimum value: 1 Maximum value: 33

27

vap-all

Configure method for assigning SSIDs to this FortiAP.

option

-

tunnel

Option

Description

tunnel

Automatically select tunnel SSIDs.

bridge

Automatically select local-bridging SSIDs.

manual

Manually select SSIDs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

config split-tunneling-acl

Parameter

Description

Type

Size

Default

dest-ip

Destination IP and mask for the split-tunneling subnet.

ipv4-classnet

Not Specified

0.0.0.0 0.0.0.0

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

config wireless-controller wtp

config wireless-controller wtp

Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate.

config wireless-controller wtp
    Description: Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate.
    edit <wtp-id>
        set admin [discovered|disable|...]
        set allowaccess {option1}, {option2}, ...
        set apcfg-profile {string}
        set ble-major-id {integer}
        set ble-minor-id {integer}
        set bonjour-profile {string}
        set coordinate-latitude {string}
        set coordinate-longitude {string}
        set firmware-provision {string}
        set firmware-provision-latest [disable|once]
        set image-download [enable|disable]
        set index {integer}
        set ip-fragment-preventing {option1}, {option2}, ...
        config lan
            Description: WTP LAN port mapping.
            set port-esl-mode [offline|nat-to-wan|...]
            set port-esl-ssid {string}
            set port-mode [offline|nat-to-wan|...]
            set port-ssid {string}
            set port1-mode [offline|nat-to-wan|...]
            set port1-ssid {string}
            set port2-mode [offline|nat-to-wan|...]
            set port2-ssid {string}
            set port3-mode [offline|nat-to-wan|...]
            set port3-ssid {string}
            set port4-mode [offline|nat-to-wan|...]
            set port4-ssid {string}
            set port5-mode [offline|nat-to-wan|...]
            set port5-ssid {string}
            set port6-mode [offline|nat-to-wan|...]
            set port6-ssid {string}
            set port7-mode [offline|nat-to-wan|...]
            set port7-ssid {string}
            set port8-mode [offline|nat-to-wan|...]
            set port8-ssid {string}
        end
        set led-state [enable|disable]
        set location {string}
        set login-passwd {password}
        set login-passwd-change [yes|default|...]
        set mesh-bridge-enable [default|enable|...]
        set name {string}
        set override-allowaccess [enable|disable]
        set override-ip-fragment [enable|disable]
        set override-lan [enable|disable]
        set override-led-state [enable|disable]
        set override-login-passwd-change [enable|disable]
        set override-split-tunnel [enable|disable]
        set override-wan-port-mode [enable|disable]
        set purdue-level [1|1.5|...]
        config radio-1
            Description: Configuration options for radio 1.
            set auto-power-high {integer}
            set auto-power-level [enable|disable]
            set auto-power-low {integer}
            set auto-power-target {string}
            set band {option1}, {option2}, ...
            set channel <chan1>, <chan2>, ...
            set drma-manual-mode [ap|monitor|...]
            set override-band [enable|disable]
            set override-channel [enable|disable]
            set override-txpower [enable|disable]
            set override-vaps [enable|disable]
            set power-level {integer}
            set power-mode [dBm|percentage]
            set power-value {integer}
            set vap-all [tunnel|bridge|...]
            set vaps <name1>, <name2>, ...
        end
        config radio-2
            Description: Configuration options for radio 2.
            set auto-power-high {integer}
            set auto-power-level [enable|disable]
            set auto-power-low {integer}
            set auto-power-target {string}
            set band {option1}, {option2}, ...
            set channel <chan1>, <chan2>, ...
            set drma-manual-mode [ap|monitor|...]
            set override-band [enable|disable]
            set override-channel [enable|disable]
            set override-txpower [enable|disable]
            set override-vaps [enable|disable]
            set power-level {integer}
            set power-mode [dBm|percentage]
            set power-value {integer}
            set vap-all [tunnel|bridge|...]
            set vaps <name1>, <name2>, ...
        end
        config radio-3
            Description: Configuration options for radio 3.
            set auto-power-high {integer}
            set auto-power-level [enable|disable]
            set auto-power-low {integer}
            set auto-power-target {string}
            set band {option1}, {option2}, ...
            set channel <chan1>, <chan2>, ...
            set drma-manual-mode [ap|monitor|...]
            set override-band [enable|disable]
            set override-channel [enable|disable]
            set override-txpower [enable|disable]
            set override-vaps [enable|disable]
            set power-level {integer}
            set power-mode [dBm|percentage]
            set power-value {integer}
            set vap-all [tunnel|bridge|...]
            set vaps <name1>, <name2>, ...
        end
        config radio-4
            Description: Configuration options for radio 4.
            set auto-power-high {integer}
            set auto-power-level [enable|disable]
            set auto-power-low {integer}
            set auto-power-target {string}
            set band {option1}, {option2}, ...
            set channel <chan1>, <chan2>, ...
            set drma-manual-mode [ap|monitor|...]
            set override-band [enable|disable]
            set override-channel [enable|disable]
            set override-txpower [enable|disable]
            set override-vaps [enable|disable]
            set power-level {integer}
            set power-mode [dBm|percentage]
            set power-value {integer}
            set vap-all [tunnel|bridge|...]
            set vaps <name1>, <name2>, ...
        end
        set region {string}
        set region-x {string}
        set region-y {string}
        config split-tunneling-acl
            Description: Split tunneling ACL filter list.
            edit <id>
                set dest-ip {ipv4-classnet}
            next
        end
        set split-tunneling-acl-local-ap-subnet [enable|disable]
        set split-tunneling-acl-path [tunnel|local]
        set tun-mtu-downlink {integer}
        set tun-mtu-uplink {integer}
        set uuid {uuid}
        set wan-port-mode [wan-lan|wan-only]
        set wtp-profile {string}
    next
end

config wireless-controller wtp

Parameter

Description

Type

Size

Default

admin

Configure how the FortiGate operating as a wireless controller discovers and manages this WTP, AP or FortiAP.

option

-

enable

Option

Description

discovered

FortiGate wireless controller discovers the WTP, AP, or FortiAP though discovery or join request messages.

disable

FortiGate wireless controller is configured to not provide service to this WTP.

enable

FortiGate wireless controller is configured to provide service to this WTP.

allowaccess

Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space.

option

-

Option

Description

https

HTTPS access.

ssh

SSH access.

snmp

SNMP access.

apcfg-profile

AP local configuration profile name.

string

Maximum length: 35

ble-major-id

Override BLE Major ID.

integer

Minimum value: 0 Maximum value: 65535

0

ble-minor-id

Override BLE Minor ID.

integer

Minimum value: 0 Maximum value: 65535

0

bonjour-profile

Bonjour profile name.

string

Maximum length: 35

coordinate-latitude

WTP latitude coordinate.

string

Maximum length: 19

coordinate-longitude

WTP longitude coordinate.

string

Maximum length: 19

firmware-provision

Firmware version to provision to this FortiAP on bootup (major.minor.build, i.e. 6.2.1234).

string

Maximum length: 35

firmware-provision-latest

Enable/disable one-time automatic provisioning of the latest firmware version.

option

-

disable

Option

Description

disable

Do not automatically provision the latest available firmware.

once

Automatically attempt a one-time upgrade to the latest available firmware version.

image-download

Enable/disable WTP image download.

option

-

enable

Option

Description

enable

Enable WTP image download at join time.

disable

Disable WTP image download at join time.

index

Index. Read-only.

integer

Minimum value: 0 Maximum value: 4294967295

0

ip-fragment-preventing

Method.

option

-

tcp-mss-adjust

Option

Description

tcp-mss-adjust

TCP maximum segment size adjustment.

icmp-unreachable

Drop packet and send ICMP Destination Unreachable

led-state

Enable to allow the FortiAPs LEDs to light. Disable to keep the LEDs off. You may want to keep the LEDs off so they are not distracting in low light areas etc.

option

-

enable

Option

Description

enable

Allow the LEDs on this FortiAP to light.

disable

Keep the LEDs on this FortiAP off.

location

Field for describing the physical location of the WTP, AP or FortiAP.

string

Maximum length: 35

login-passwd

Set the managed WTP, FortiAP, or AP's administrator password.

password

Not Specified

login-passwd-change

Change or reset the administrator password of a managed WTP, FortiAP or AP.

option

-

no

Option

Description

yes

Change the managed WTP, FortiAP or AP's administrator password. Use the login-password option to set the password.

default

Keep the managed WTP, FortiAP or AP's administrator password set to the factory default.

no

Do not change the managed WTP, FortiAP or AP's administrator password.

mesh-bridge-enable

Enable/disable mesh Ethernet bridge when WTP is configured as a mesh branch/leaf AP.

option

-

default

Option

Description

default

Use mesh Ethernet bridge local setting on the WTP.

enable

Turn on mesh Ethernet bridge on the WTP.

disable

Turn off mesh Ethernet bridge on the WTP.

name

WTP, AP or FortiAP configuration name.

string

Maximum length: 35

override-allowaccess

Enable to override the WTP profile management access configuration.

option

-

disable

Option

Description

enable

Override the WTP profile management access configuration.

disable

Use the WTP profile management access configuration.

override-ip-fragment

Enable/disable overriding the WTP profile IP fragment prevention setting.

option

-

disable

Option

Description

enable

Override the WTP profile IP fragment prevention setting.

disable

Use the WTP profile IP fragment prevention setting.

override-lan

Enable to override the WTP profile LAN port setting.

option

-

disable

Option

Description

enable

Override the WTP profile LAN port setting.

disable

Use the WTP profile LAN port setting.

override-led-state

Enable to override the profile LED state setting for this FortiAP. You must enable this option to use the led-state command to turn off the FortiAP's LEDs.

option

-

disable

Option

Description

enable

Override the WTP profile LED state.

disable

Use the WTP profile LED state.

override-login-passwd-change

Enable to override the WTP profile login-password (administrator password) setting.

option

-

disable

Option

Description

enable

Override the WTP profile login-password (administrator password) setting.

disable

Use the the WTP profile login-password (administrator password) setting.

override-split-tunnel

Enable/disable overriding the WTP profile split tunneling setting.

option

-

disable

Option

Description

enable

Override the WTP profile split tunneling setting.

disable

Use the WTP profile split tunneling setting.

override-wan-port-mode

Enable/disable overriding the wan-port-mode in the WTP profile.

option

-

disable

Option

Description

enable

Override the WTP profile wan-port-mode.

disable

Use the wan-port-mode in the WTP profile.

purdue-level

Purdue Level of this WTP.

option

-

3

Option

Description

1

Level 1 - Basic Control

1.5

Level 1.5

2

Level 2 - Area Supervisory Control

2.5

Level 2.5

3

Level 3 - Operations & Control

3.5

Level 3.5

4

Level 4 - Business Planning & Logistics

5

Level 5 - Enterprise Network

5.5

Level 5.5

region

Region name WTP is associated with.

string

Maximum length: 35

region-x

Relative horizontal region coordinate (between 0 and 1).

string

Maximum length: 15

0

region-y

Relative vertical region coordinate (between 0 and 1).

string

Maximum length: 15

0

split-tunneling-acl-local-ap-subnet

Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

option

-

disable

Option

Description

enable

Enable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

disable

Disable automatically adding local subnetwork of FortiAP to split-tunneling ACL.

split-tunneling-acl-path

Split tunneling ACL path is local/tunnel.

option

-

local

Option

Description

tunnel

Split tunneling ACL list traffic will be tunnel.

local

Split tunneling ACL list traffic will be local NATed.

tun-mtu-downlink

The MTU of downlink CAPWAP tunnel.

integer

Minimum value: 576 Maximum value: 1500

0

tun-mtu-uplink

The maximum transmission unit.

integer

Minimum value: 576 Maximum value: 1500

0

uuid

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

uuid

Not Specified

00000000-0000-0000-0000-000000000000

wan-port-mode

Enable/disable using the FortiAP WAN port as a LAN port.

option

-

wan-only

Option

Description

wan-lan

Use the FortiAP WAN port as a LAN port.

wan-only

Do not use the WAN port as a LAN port.

wtp-id

WTP ID.

string

Maximum length: 35

wtp-profile

WTP profile name to apply to this WTP, AP or FortiAP.

string

Maximum length: 35

config lan

Parameter

Description

Type

Size

Default

port-esl-mode

ESL port mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP ESL port to WTP WAN port.

bridge-to-wan

Bridge WTP ESL port to WTP WAN port.

bridge-to-ssid

Bridge WTP ESL port to SSID.

port-esl-ssid

Bridge ESL port to SSID.

string

Maximum length: 15

port-mode

LAN port mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port-ssid

Bridge LAN port to SSID.

string

Maximum length: 15

port1-mode

LAN port 1 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port1-ssid

Bridge LAN port 1 to SSID.

string

Maximum length: 15

port2-mode

LAN port 2 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port2-ssid

Bridge LAN port 2 to SSID.

string

Maximum length: 15

port3-mode

LAN port 3 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port3-ssid

Bridge LAN port 3 to SSID.

string

Maximum length: 15

port4-mode

LAN port 4 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port4-ssid

Bridge LAN port 4 to SSID.

string

Maximum length: 15

port5-mode

LAN port 5 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port5-ssid

Bridge LAN port 5 to SSID.

string

Maximum length: 15

port6-mode

LAN port 6 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port6-ssid

Bridge LAN port 6 to SSID.

string

Maximum length: 15

port7-mode

LAN port 7 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port7-ssid

Bridge LAN port 7 to SSID.

string

Maximum length: 15

port8-mode

LAN port 8 mode.

option

-

offline

Option

Description

offline

Offline.

nat-to-wan

NAT WTP LAN port to WTP WAN port.

bridge-to-wan

Bridge WTP LAN port to WTP WAN port.

bridge-to-ssid

Bridge WTP LAN port to SSID.

port8-ssid

Bridge LAN port 8 to SSID.

string

Maximum length: 15

config radio-1

Parameter

Description

Type

Size

Default

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

17

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference.

option

-

disable

Option

Description

enable

Enable automatic transmit power adjustment.

disable

Disable automatic transmit power adjustment.

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

10

auto-power-target

Target of automatic transmit power adjustment in dBm.

string

Maximum length: 7

-70

band

WiFi band that Radio 1 operates on.

option

-

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g.

802.11n-2G

802.11n (WiFi 4) at 2.4GHz.

802.11n-5G

802.11n (WiFi 4) at 5GHz.

802.11ac-2G

802.11ac (WiFi 5) at 2.4GHz.

802.11ac-5G

802.11ac (WiFi 5) at 5GHz.

802.11ax-2G

802.11ax (WiFi 6) at 2.4GHz.

802.11ax-5G

802.11ax (WiFi 6) at 5GHz.

802.11ax-6G

802.11ax (WiFi 6) at 6GHz.

802.11be-2G

802.11be (WiFi 7) at 2.4GHz.

802.11be-5G

802.11be (WiFi 7) at 5GHz.

802.11be-6G

802.11be (WiFi 7) at 6GHz.

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

drma-manual-mode

Radio mode to be used for DRMA manual mode.

option

-

ncf

Option

Description

ap

Set the radio to AP mode.

monitor

Set the radio to monitor mode

ncf

Select and set the radio mode based on NCF score.

ncf-peek

Select the radio mode based on NCF score, but do not apply.

override-band

Enable to override the WTP profile band setting.

option

-

disable

Option

Description

enable

Override the WTP profile band setting.

disable

Use the WTP profile band setting.

override-channel

Enable to override WTP profile channel settings.

option

-

disable

Option

Description

enable

Override WTP profile channel settings.

disable

Use WTP profile channel settings.

override-txpower

Enable to override the WTP profile power level configuration.

option

-

disable

Option

Description

enable

Override the WTP profile power level configuration.

disable

Use the WTP profile power level configuration.

override-vaps

Enable to override WTP profile Virtual Access Point (VAP) settings.

option

-

disable

Option

Description

enable

Override WTP profile VAP settings.

disable

Use WTP profile VAP settings.

power-level

Radio EIRP power level as a percentage of the maximum EIRP power.

integer

Minimum value: 0 Maximum value: 100

100

power-mode

Set radio effective isotropic radiated power. This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities.

option

-

percentage

Option

Description

dBm

Set radio EIRP power in dBm.

percentage

Set radio EIRP power by percentage.

power-value

Radio EIRP power in dBm.

integer

Minimum value: 1 Maximum value: 33

27

vap-all

Configure method for assigning SSIDs to this FortiAP.

option

-

tunnel

Option

Description

tunnel

Automatically select tunnel SSIDs.

bridge

Automatically select local-bridging SSIDs.

manual

Manually select SSIDs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

config radio-2

Parameter

Description

Type

Size

Default

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

17

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference.

option

-

disable

Option

Description

enable

Enable automatic transmit power adjustment.

disable

Disable automatic transmit power adjustment.

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

10

auto-power-target

Target of automatic transmit power adjustment in dBm.

string

Maximum length: 7

-70

band

WiFi band that Radio 2 operates on.

option

-

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g.

802.11n-2G

802.11n (WiFi 4) at 2.4GHz.

802.11n-5G

802.11n (WiFi 4) at 5GHz.

802.11ac-2G

802.11ac (WiFi 5) at 2.4GHz.

802.11ac-5G

802.11ac (WiFi 5) at 5GHz.

802.11ax-2G

802.11ax (WiFi 6) at 2.4GHz.

802.11ax-5G

802.11ax (WiFi 6) at 5GHz.

802.11ax-6G

802.11ax (WiFi 6) at 6GHz.

802.11be-2G

802.11be (WiFi 7) at 2.4GHz.

802.11be-5G

802.11be (WiFi 7) at 5GHz.

802.11be-6G

802.11be (WiFi 7) at 6GHz.

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

drma-manual-mode

Radio mode to be used for DRMA manual mode.

option

-

ncf

Option

Description

ap

Set the radio to AP mode.

monitor

Set the radio to monitor mode

ncf

Select and set the radio mode based on NCF score.

ncf-peek

Select the radio mode based on NCF score, but do not apply.

override-band

Enable to override the WTP profile band setting.

option

-

disable

Option

Description

enable

Override the WTP profile band setting.

disable

Use the WTP profile band setting.

override-channel

Enable to override WTP profile channel settings.

option

-

disable

Option

Description

enable

Override WTP profile channel settings.

disable

Use WTP profile channel settings.

override-txpower

Enable to override the WTP profile power level configuration.

option

-

disable

Option

Description

enable

Override the WTP profile power level configuration.

disable

Use the WTP profile power level configuration.

override-vaps

Enable to override WTP profile Virtual Access Point (VAP) settings.

option

-

disable

Option

Description

enable

Override WTP profile VAP settings.

disable

Use WTP profile VAP settings.

power-level

Radio EIRP power level as a percentage of the maximum EIRP power.

integer

Minimum value: 0 Maximum value: 100

100

power-mode

Set radio effective isotropic radiated power. This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities.

option

-

percentage

Option

Description

dBm

Set radio EIRP power in dBm.

percentage

Set radio EIRP power by percentage.

power-value

Radio EIRP power in dBm.

integer

Minimum value: 1 Maximum value: 33

27

vap-all

Configure method for assigning SSIDs to this FortiAP.

option

-

tunnel

Option

Description

tunnel

Automatically select tunnel SSIDs.

bridge

Automatically select local-bridging SSIDs.

manual

Manually select SSIDs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

config radio-3

Parameter

Description

Type

Size

Default

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

17

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference.

option

-

disable

Option

Description

enable

Enable automatic transmit power adjustment.

disable

Disable automatic transmit power adjustment.

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

10

auto-power-target

Target of automatic transmit power adjustment in dBm.

string

Maximum length: 7

-70

band

WiFi band that Radio 3 operates on.

option

-

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g.

802.11n-2G

802.11n (WiFi 4) at 2.4GHz.

802.11n-5G

802.11n (WiFi 4) at 5GHz.

802.11ac-2G

802.11ac (WiFi 5) at 2.4GHz.

802.11ac-5G

802.11ac (WiFi 5) at 5GHz.

802.11ax-2G

802.11ax (WiFi 6) at 2.4GHz.

802.11ax-5G

802.11ax (WiFi 6) at 5GHz.

802.11ax-6G

802.11ax (WiFi 6) at 6GHz.

802.11be-2G

802.11be (WiFi 7) at 2.4GHz.

802.11be-5G

802.11be (WiFi 7) at 5GHz.

802.11be-6G

802.11be (WiFi 7) at 6GHz.

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

drma-manual-mode

Radio mode to be used for DRMA manual mode.

option

-

ncf

Option

Description

ap

Set the radio to AP mode.

monitor

Set the radio to monitor mode

ncf

Select and set the radio mode based on NCF score.

ncf-peek

Select the radio mode based on NCF score, but do not apply.

override-band

Enable to override the WTP profile band setting.

option

-

disable

Option

Description

enable

Override the WTP profile band setting.

disable

Use the WTP profile band setting.

override-channel

Enable to override WTP profile channel settings.

option

-

disable

Option

Description

enable

Override WTP profile channel settings.

disable

Use WTP profile channel settings.

override-txpower

Enable to override the WTP profile power level configuration.

option

-

disable

Option

Description

enable

Override the WTP profile power level configuration.

disable

Use the WTP profile power level configuration.

override-vaps

Enable to override WTP profile Virtual Access Point (VAP) settings.

option

-

disable

Option

Description

enable

Override WTP profile VAP settings.

disable

Use WTP profile VAP settings.

power-level

Radio EIRP power level as a percentage of the maximum EIRP power.

integer

Minimum value: 0 Maximum value: 100

100

power-mode

Set radio effective isotropic radiated power. This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities.

option

-

percentage

Option

Description

dBm

Set radio EIRP power in dBm.

percentage

Set radio EIRP power by percentage.

power-value

Radio EIRP power in dBm.

integer

Minimum value: 1 Maximum value: 33

27

vap-all

Configure method for assigning SSIDs to this FortiAP.

option

-

tunnel

Option

Description

tunnel

Automatically select tunnel SSIDs.

bridge

Automatically select local-bridging SSIDs.

manual

Manually select SSIDs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

config radio-4

Parameter

Description

Type

Size

Default

auto-power-high

The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

17

auto-power-level

Enable/disable automatic power-level adjustment to prevent co-channel interference.

option

-

disable

Option

Description

enable

Enable automatic transmit power adjustment.

disable

Disable automatic transmit power adjustment.

auto-power-low

The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type).

integer

Minimum value: 0 Maximum value: 4294967295

10

auto-power-target

Target of automatic transmit power adjustment in dBm.

string

Maximum length: 7

-70

band

WiFi band that Radio 4 operates on.

option

-

Option

Description

802.11a

802.11a.

802.11b

802.11b.

802.11g

802.11g.

802.11n-2G

802.11n (WiFi 4) at 2.4GHz.

802.11n-5G

802.11n (WiFi 4) at 5GHz.

802.11ac-2G

802.11ac (WiFi 5) at 2.4GHz.

802.11ac-5G

802.11ac (WiFi 5) at 5GHz.

802.11ax-2G

802.11ax (WiFi 6) at 2.4GHz.

802.11ax-5G

802.11ax (WiFi 6) at 5GHz.

802.11ax-6G

802.11ax (WiFi 6) at 6GHz.

802.11be-2G

802.11be (WiFi 7) at 2.4GHz.

802.11be-5G

802.11be (WiFi 7) at 5GHz.

802.11be-6G

802.11be (WiFi 7) at 6GHz.

channel <chan>

Selected list of wireless radio channels.

Channel number.

string

Maximum length: 3

drma-manual-mode

Radio mode to be used for DRMA manual mode.

option

-

ncf

Option

Description

ap

Set the radio to AP mode.

monitor

Set the radio to monitor mode

ncf

Select and set the radio mode based on NCF score.

ncf-peek

Select the radio mode based on NCF score, but do not apply.

override-band

Enable to override the WTP profile band setting.

option

-

disable

Option

Description

enable

Override the WTP profile band setting.

disable

Use the WTP profile band setting.

override-channel

Enable to override WTP profile channel settings.

option

-

disable

Option

Description

enable

Override WTP profile channel settings.

disable

Use WTP profile channel settings.

override-txpower

Enable to override the WTP profile power level configuration.

option

-

disable

Option

Description

enable

Override the WTP profile power level configuration.

disable

Use the WTP profile power level configuration.

override-vaps

Enable to override WTP profile Virtual Access Point (VAP) settings.

option

-

disable

Option

Description

enable

Override WTP profile VAP settings.

disable

Use WTP profile VAP settings.

power-level

Radio EIRP power level as a percentage of the maximum EIRP power.

integer

Minimum value: 0 Maximum value: 100

100

power-mode

Set radio effective isotropic radiated power. This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities.

option

-

percentage

Option

Description

dBm

Set radio EIRP power in dBm.

percentage

Set radio EIRP power by percentage.

power-value

Radio EIRP power in dBm.

integer

Minimum value: 1 Maximum value: 33

27

vap-all

Configure method for assigning SSIDs to this FortiAP.

option

-

tunnel

Option

Description

tunnel

Automatically select tunnel SSIDs.

bridge

Automatically select local-bridging SSIDs.

manual

Manually select SSIDs.

vaps <name>

Manually selected list of Virtual Access Points (VAPs).

Virtual Access Point (VAP) name.

string

Maximum length: 35

config split-tunneling-acl

Parameter

Description

Type

Size

Default

dest-ip

Destination IP and mask for the split-tunneling subnet.

ipv4-classnet

Not Specified

0.0.0.0 0.0.0.0

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0